Author Topic: Syslog collection by satellite agent  (Read 475 times)
4drian
« on: July 14, 2009, 09:01:58 AM »

Hi,

I may appear to be lazy here but could someone let me know if the following is possible now, possible in a future release, or possible by paying someone to develop easily:

I'd like to deploy satellite agents to a variety of sites that belong to clients of mine. Each site would have an agent installed on what would 95% of the time be a Windows computer. The satellites would then ideally open a socket on UDP514 and accept syslog data. Using some form of control on the agent, either all or certain syslog messages would then be forwarded to the central PandoraFMS server where they could trigger alerts. Hopefully the syslog stream would be gzip compressed in a buffer and sent using the same Tentacle connection as everything else. What would be even more amazing is if we could extract information out of the syslog data as well but I fear that I'm pushing my luck slightly on that feature. Alternatively, the syslog data is relayed to the central server where it can be streamed into an alternative log analysis program (e.g. Splunk).

If a syslog message contained a variety of attribute-value pairs such as 'id=admin,policy=25,interface=eth0' etc I would love to be able to use this information in the same way as information gathered via SNMP.

I have downloaded the 2.11 debs and am starting to get to grips with PandoraFMS but if someone could let me know about the above I would be very grateful.

I saw a similar post about syslog in Spanish but I'm not very good at understanding it and Google translate didn't work very well on it.

villa
« Reply #1 on: July 16, 2009, 03:59:22 AM »

Hi,

Do you need to collect all syslog, or do you need to find any word? Pandora is not like Splunk, but with the Windows and Linux agents it is possible to find words in syslog with logical operators and send the results to Pandora.

If you want to contact the company that develops Pandora, you can do so at www.artica.es.

Regards.

Manuel Arostegui
« Reply #2 on: July 18, 2009, 12:28:34 AM »

Hi Adrian4

You can, indeed, set up satellite agents at your clients and send all the information from them to your location.
As villa said, both Linux and Windows agents are able to read from syslog in the Linux scenario and from the Event Log in Windows.
Keep in mind the satellite agents will send the information (an XML file with all the checks' results, including the syslog or Event Log in it) via Tentacle every X interval.
You can define text alerts based on the data gathered from the logs.

Hope this helps
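The processing discussed in this thread, as an added example that is not Pandora FMS code and not part of any post: it parses a BSD-style syslog datagram, extracts attribute-value pairs of the `id=admin,policy=25,interface=eth0` kind, and applies an AND/OR keyword filter to decide what is worth forwarding. The function names, rule parameters and sample messages are assumptions constructed for illustration.

```python
import re

# Constructed sample datagrams (not from the thread); the key=value payload
# follows the 'id=admin,policy=25,interface=eth0' shape quoted in the question.
SAMPLES = [
    b"<134>Jul 14 09:01:58 fw01 filter: id=admin,policy=25,interface=eth0,action=deny",
    b"<38>Jul 14 09:02:03 fw01 sshd[412]: Accepted password for backup",
    b"no priority header, id=guest",
]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
KV_RE = re.compile(r"([A-Za-z_][\w.-]*)=([^,\s]*)")

def parse_syslog(datagram):
    """Split a BSD-style syslog datagram into facility, severity, text and key=value fields."""
    text = datagram.decode("utf-8", errors="replace").strip()
    m = PRI_RE.match(text)
    if not m or int(m.group(1)) > 191:      # highest valid PRI is 23*8+7
        return None                          # malformed: drop rather than guess
    pri = int(m.group(1))
    body = m.group(2)
    return {
        "facility": pri >> 3,
        "severity": pri & 7,
        "text": body,
        "fields": dict(KV_RE.findall(body)),
    }

def should_forward(event, all_of=(), any_of=(), max_severity=7):
    """AND/OR keyword filter plus a severity ceiling (lower number = more severe)."""
    if event is None or event["severity"] > max_severity:
        return False
    text = event["text"].lower()
    if not all(w.lower() in text for w in all_of):
        return False
    return not any_of or any(w.lower() in text for w in any_of)

def select(datagrams, **rule):
    """Return the parsed events that pass the rule, ready to hand to a forwarder."""
    events = (parse_syslog(d) for d in datagrams)
    return [e for e in events if should_forward(e, **rule)]

if __name__ == "__main__":
    for e in select(SAMPLES, all_of=["policy="], any_of=["deny", "drop"]):
        print(e["severity"], e["fields"])
```

Datagrams without a valid `<PRI>` header are dropped instead of being forwarded, since a listener on UDP 514 accepts input from any sender that can reach it.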
